Lots of things need to be done in order to properly secure an SAP NetWeaver Application Server, for instance setting authorizations, web content, standard users, and security note installation. However, one of the most important components that need to be configured in a secure manner is the RFC Gateway.

The RFC Gateway is the technical component of the SAP NetWeaver Application Server that manages the communication for all SAP Remote Function Call (RFC) based functionality. It runs on every SAP NetWeaver Application Server – ABAP and Java.

The lecture will show a live hacking session of an SAP system by misusing the RFC Gateway. Afterwards, SAP’s own internal security department will provide recommendations on how to protect the RFC Gateway.

SAP Global IT successfully implemented the protection measures for the RFC Gateway in a large enterprise environment. As protecting the RFC Gateway can be a challenging task for SAP customers, SAP Global IT wants to demonstrate how “SAP Runs SAP”. We will share information about the internal project and our experience gathered during real-life implementation. Furthermore, ways how to design and roll out the RFC Gateway protection will be discussed.

Have you already secured the RFC Gateways in your company? If the answer is ‘no’ you should not miss the TechEd - Lecture Session SIS203. Within an hour you will understand the need to secure the RFC Gateway and take home valuable information on how to solve this security issue.

More information about SIS203 can be found at

Las Vegas: http://TechEd2012.sapevents.com/sessions?sf=725

Madrid: http://madrid.sapevents.com/TechEd/sessions?sf=1137

Looking forward to see you at TechEd Madrid!

Björn